Sequester could stall momentum on cybersecurity

The mandatory budget cuts looming over Washington threaten to forestall work on cybersecurity just as the president’s new executive order gets off the ground.

Without prompt congressional intervention, sequestration could hamstring the Pentagon, the Department of Homeland Security and other federal agencies tasked only this month with protecting the nation’s critical infrastructure from crippling cyberattacks and digital spies.

Text Size

-

+

reset

Podcast: Sequester episode

The perils of mandatory subtraction aren’t unique to federal efforts shoring up the country’s digital defenses. And there’s widespread belief that cybersecurity funding might ultimately be safe, given Washington’s recognition of the threat at hand. But the potential for initial, broad cuts — on top of an already flat budget — still stand in stark contrast to the policy vision unveiled by President Barack Obama earlier this month and raises the possibility of early delay.

In time for his State of the Union address, the president signed the executive order meant to solicit new, voluntary cybersecurity standards for the nation’s power grid, financial sector and other key institutions while helping government and the private sector share data about emerging threats. The order outlines a strategy across agencies to protect federal and private systems from cyberattack and cyberespionage.

For its part, the administration has said it doesn’t believe its order carries with it a new, steep price tag. “For [fiscal year] 2013, agencies will be able to cover the costs of [executive-order] implementation within existing resources,” White House spokeswoman Caitlin Hayden told POLITICO.

“Although we can’t comment on future budget requests at this point, the administration will consider the requirements of [order] implementation in determining agency resource requests; that said, we do not believe the costs of implementing the [order] will be very large across the government,” she continued.

Still, it may not be so simple if the sequester ax drops on Washington, which has operated for months under a bare-bones continuing resolution that mostly mimics funding from last year. Some agencies, including the Department of Defense, have spent into this year under the presumption they may receive a fuller appropriation in 2013 — creating the possibility for double the budget trouble in some wings of the government

“Sequestration is bad, the CR is bad; if they both hit, it’s very bad,” said Irving Lachow, director of the Technology and U.S. National Security program at the Center for a New American Security. DOD, in particular, could face furloughs and other reductions that could ultimately hurt its cybersecurity operations and workforce.

Implementation of the president’s executive order also remains at risk. Take the National Institute for Standards and Technology, the agency tasked with convening the owners and operators of critical infrastructure and developing the voluntary standards meant to protect those institutions from attack.

NIST is only now embarking on the yearlong endeavor while the agency continues its related work serving as a hub for cybersecurity research and development. NIST, though, faces a roughly $38 million shortfall in the event of sequestration, according to an administration source, a series of cuts that the Commerce Department previously said would “fall on grants, contracts, equipment procurements, deferment of open positions and cuts in the repair and maintenance of NIST facilities.”